Schneier on Security
A blog covering security and security technology.
November 5, 2012
New Jersey Allows Voting by E-Mail
I'm not filled with confidence, but this seems like the best of a bunch of bad alternatives.
EDITED TO ADD (11/6): Matt Blaze, Ed Felten, and Andrew Appel have a lot more to say about this.
Posted on November 5, 2012 at 2:54 PM
• 20 Comments
Something I've been thinking about in terms of electronic voting security: Is it possible to create a cryptosystem such that there is a fundamental, easily-identifiable distinction between "Nobody cast a vote today" and "I swallowed all of the votes?" I can't think of a way to do it, but I'm far from an expert.
Secure Multiparty Computation is the base, using multiple organizations with strongly conflicting interests as the nodes (easiest way to guarantee no collusion/malicious cooperation).
The only major downside (for USA, that is, IMHO) is that we need to get secure public crypto keypairs to every voter in the country, which means distributing smart cards/ID cards in a secure manner to everybody. Considering the recent issues about requiring IDs to vote hurting poor communities, well...
End-to-End voting is the most secure and auditable form of e-voting. http://en.wikipedia.org/wiki/...
E2E systems often employ cryptographic methods to craft receipts that allow voters to verify that their votes were not modified, without revealing which candidates were voted for. As such, these systems are sometimes referred to as receipt-based systems.
To the best of my knowledge on electronic voting: no, there is nothing currently that would allow secure voting in any way.
The problem is not just cryptographic. Anything as complex as a modern computer will not be secure!
Email voting...president "3nlarg3 your p3n!s" wins the popular vote!
I expected the punch line to be "Since this is a pilot program and there's a need to compare it to existing mechanisms, for this initial test only Democrats should use this new system; Republicans should go to their polling places as usual".
obligatory "Dilbert" reference:
Season 02 Episode 17 "Ethics" (July 25, 2000)
"The company employees are forced to take ethical training classes, then Dilbert is made project lead for the National Internet Voting Network. An attractive female employee of a special-interest group attempts to seduce Dilbert, putting his ethical limitations to the test."
Note that this system was already in place for absentee ballots long before Sandy. (I'm not sure if it's new for this election or not, but my wife was given a fax/email option when she voted in September. She chose to mail it in the old fashioned way.)
The directive is not adding any new voting mechanisms, it's just saying that people in New Jersey are allowed to use the absentee voting mechanisms even if they're still in the state, as long as they're not actually living at home due to the hurricane.
A few comments about how crypto-systems exist to allow anonymity, verification, etc. etc.
The problem with these systems is that they are much harder to understand than making a mark on a piece of paper with a pen and then counting bits of paper.
Democracy only works if people vote.
People won't bother to vote in a system they don't trust.
It's difficult to trust a system you can't understand.
We (Oz) have compulsory voting using paper and pencil. I prefer this over even the sexiest quantum-crypto-area-51-cipher-rot-13-encoded eVoting system.
It seems to me that the American system manages to hide the forest of democracy behind the trees of voting.
There is so much voting going on, for so many things, that elections are so complicated that they negate the very democracy they're supposed to ensure.
Concur - computer/cryptographic systems are not cuddly...and, besides, all such are susceptible to subversion by insiders...
Another unfriendly thing about these systems...if it tells you your vote did not arrive or was not registered, what can you do about it?
So...Yes...hand count paper ballots...
"What do you need to rig an election? A basic knowledge of electronics and $30 worth of RadioShack gear, professional hacker Roger Johnston reveals."
I believe the Argonne Lab security assessment people have been mentioned on this blog before. They're quite talented.
An attractive female employee of a special-interest group attempts to seduce Dilbert putting his ethical limitations to the test.
Yes, in one strip Dilbert did plea bargain down to "sexually interfering with office equipment" rather than go to jail for something he had not done....
Such is the ethics system in plea bargaining...
Surprised this hasn't made it here, yet. The Ohio secretary of state has had an "experimental patch" installed on voting tabulators in some 39 counties. This is only days before the election, etc, etc, etc. Perhaps innocent, perhaps tightening security, improving reporting of results, etc. But the appearance is BAD, and at this juncture full disclosure should be necessary. There were many sources for the story, I figured Computerworld would be the most neutral for this.
Oh, boy. An election day update:
Hotmail Takes on Election Duties as Servers in New Jersey Crash
In an effort to accommodate voters displaced by Hurricane Sandy, New Jersey decided to allow voters this year to request ballots by e-mail and submit them via e-mail and fax.
But that solution has turned out to be a disaster after e-mail servers used to send and receive election ballots in at least two major counties got clogged or crashed on Tuesday under the weight of voter traffic.
At least one official in Essex County, which has 451,000 registered voters, decided to solve the problem by inviting voters to send their ballot request to his personal Hotmail e-mail address.
“Per Essex County Clerk Christopher J. Durkin: Displaced voters can email a request for a ballot at email@example.com...,” according to a post on the Facebook page for West Orange, NJ.
Not exactly a secure option, as security researcher Ashkan Soltani notes. Apparently Durkin uses his mother’s maiden name as the “password recovery” question for his account.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.